Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Updating device certificate

f5mkuDefault
Cirrus
Cirrus

‎26-Mar-2021 14:46

Hi experts,

 

I am trying to update my device certificates.

 

what is the difference between these 2?

 

System >> Certificate Management : Device Certificate Management : Device Certificate Signing Request >> server.csr

 

System >> Certificate Management : Traffic Certificate Management : SSL Certificate List >> New SSL Certificate (Then create using Certificate Authority)

 

This is because when I genereated CSR I used the 2nd one, I forgot to create it under the device certificate management.

Will this still work?

 

Thank you in advance.

 

Labels:
0 Kudos
4 REPLIES 4

Patrik_Jonsson
MVP
MVP

‎28-Mar-2021 04:14

Hi there

As long as you have a valid certificate and key you can import them as a Decide Certificate. So if the subject names in the CSR also covers the FQDN of the device you want to have the certificate for it will work just fine.

 

  1. Go to Certificate Management -> Device Certificate Management -> Device Certificate
  2. Click Import
  3. Choose Certificate and Key from the drop-down
  4. Paste/upload a valid certificate and key pair
  5. Click import

 

 

Kind regards,

Patrik

0 Kudos

f5mkuDefault
Cirrus
Cirrus

‎31-Mar-2021 21:19

Thanks Patrick. it did work however I need to bundle the certificate (cert + chain + root).

0 Kudos

Patrik_Jonsson
MVP
MVP

‎01-Apr-2021 00:41

If you're running a newer device you can add the chain via the UI:

0691T00000C2hC7QAJ.pngIf running a v12 you can follow this guide:

https://support.f5.com/csp/article/K13302

 

0 Kudos

f5mkuDefault
Cirrus
Cirrus
In response to Patrik_Jonsson

‎07-Apr-2021 21:34

thank you, actually i got confuse with that but I am certain the CSR can be taken from any machine. Can also be taken from a winserver etc.

I just got confused why there are 2 ways to do it in F5. One that is dedicated for device management and another for app services.

 

but anyway I was able to get it working by bundling the cert, chain and root.

 

Installing the cert, chain and root separate in F5 it does not work.

0 Kudos
Copyright © 2023 Khoros, LLC